Malware / Botnet / Phishing hosting server @213.226.112.64
According to our telemetry and our own intelligence, the host at this IP address has been set up by cyber criminals for the exclusive purpose of hosting phishing sites, malware distribution sites and/or botnet controllers. We therefore advise our users to block any traffic from/to this IP address. The host at this IP address is obviously…
spam support (domains)
Domain used in spam operation
itismorethanhealth.com [66.29.149.213]
Received: from wrqvxppk.outbound-mail.sendgrid.net ([149.72.163.49])
Received: from MjU0MDc2ODA (unknown)
Date: Mon, 21 Mar 2022 23:xx
Subject: TODAY IS NATIONAL MEMORY DAY: Can It Actually Be Undone in Less Than 5 Minutes
Abused / misconfigured newsletter service (listbombing) [5th listing]
*** 5th listing due to the same cause! ***
The host at this IP address is being (ab)used to "listbomb" email addresses:
From: aidsmap bulletins <bulletins@bulletins.aidsmap.com>
Subject: aidsmap news: Ukrainians displaced by Russian invasion struggling to access HIV and drug dependency treatment, 21 March 2022
Problem description
============================
Spammers signed up for the bulk email…
Abused / misconfigured newsletter service (listbombing)
The host at this IP address is being (ab)used to "listbomb" email addresses:
From: OGI Newsletter <no-reply@oginoreply.co.uk>
Subject: AUVSI XPONENTIAL 2022: Stay on Top of the Ever-Changing Industry
Problem description
============================
Spammers signed up for the bulk email service using the victim's email address. As a result, the victim is being "listbombed" with transactional messages…
AsyncRAT botnet controller @149.56.43.121
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 149.56.43.121 on port 4199 TCP:
$ telnet 149.56.43.121 4199
Trying 149.56.43.121…
Connected to 149.56.43.121.
Escape character…
BitRAT botnet controller @20.114.61.232
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 20.114.61.232 on port 2222 TCP:
$ telnet 20.114.61.232 2222
Trying 20.114.61.232…
Connected to 20.114.61.232.
Escape character…
RedLineStealer botnet controller @188.68.205.115
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 188.68.205.115 on port 17645 TCP:
$ telnet 188.68.205.115 17645
Trying 188.68.205.115…
Connected to 188.68.205.115.
Escape character…
Malware botnet controller @5.63.155.126
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 5.63.155.126 on port 80 (using HTTP GET):
hXXp://sughicent.com/blaka.php
$ dig +short sughicent.com
5.63.155.126
$ nslookup 5.63.155.126
5-63-155-126.cloudvps.regruhosting.ru
Referencing malware binaries (MD5 hash):…
phishing server
spam emitter @137.184.200.152
Received: from mail.lisatte.com ([137.184.200.152])
From: "Witt, Client Manager" <contact@lisatte.com>
Subject: 💰 Uw investeringsplan is klaar, []
Date: Tue, 22 Mar 2022 13:0x:xx +0000